Alasdair is a technology lawyer who has spent over 20 years working at the interface of law and IT with expertise spanning IT and ecommerce law, data protection and privacy, contract law, copyright and other intellectual property rights and consumer protection law.
His clients include UK-based and international cloud services providers, online platform operators, ecommerce businesses, software and website developers, systems integrators, resellers, managed services providers and digital media companies.
The heart of Alasdair’s practice is helping these businesses manage legal risk and exploit commercial opportunities, by:
- advising on legal compliance, including providing practical advice relating to data protection, product design and development, marketing systems and sales processes;
- creating contract documentation, including drafting contracts for customers, licensees, resellers, referral partners, suppliers, subcontractors and business partners, each tailored to the technology, brand and risk tolerance of the client;
- negotiating contract terms, shepherding contracts negotiations from handshake to signature, advising clients on strategies and tactics, and providing smart solutions to overcome roadblocks.
Expertise
Software, SaaS and Online Platforms
- Software system design and architecture, including the incorporation of AI into services and the application of privacy by design principles under the GDPR.
- Customer contracts for cloud/SaaS in a range of verticals, including technology services, financial services, ESG, hospitality, estates management, CAD, education, telecommunications, employee wellbeing, non-profits and logistics.
- MSAs, SoWs and other service contracts between technology vendors and enterprise customers in the UK, the USA, the EU and elsewhere on the basis of both vendor and customer paperwork.
- Responses to RFPs and public tenders.
- Contracting and the provision of services via online B2B intermediaries.
- Structuring channel partner, reseller and referral partners programmes, creating standard contract frameworks reflecting those structures, and negotiating these contracts to signature.
- Perpetual software licensing arrangements
- Software-related contracts: software development agreements, software licences, API terms of use, software support and maintenance agreements, managed services agreements, IT consulting and professional services agreements, subcontractor agreements and escrow agreements.
Websites, Ecommerce and Apps
- User journeys and user flows during the website and app design process.
- Contracts for web, ecommerce and app-related services – design and development agreements, hosting and maintenance agreements, support services agreements, digital marketing services agreements.
- Terms of use/service and related policies for UK and international websites and web applications.
- EULAs and terms of service for mobile apps and video games supplied through a range of distribution channels, including the Apple App Store and Google Play.
- Legal issues and risks associated with running an online B2C equipment hire and services business, and preparing standard trading terms for the business.
- Terms of sale, delivery policies and returns policies for businesses selling goods online, whether to other businesses or consumers.
Data Protection, Privacy and Confidentiality
- Data processing agreements and addenda, for both straightforward and complex transfer scenarios, often taking account not just of the GDPR in both its UK and EU forms, but also applicable data laws from other jurisdictions.
- Controller-to-controller data sharing arrangements and agreements.
- International transfer of personal data under the EU and UK GDPRs, including the transfer of special category data. This advice has covered the old and new EU standard contractual clauses, the UK’s international data transfer agreement and addendum, as well as the now-defunct Safe Harbor and Privacy Shield schemes, and the successor EU-US Data Privacy Framework and UK-US Data Bridge.
- Privacy notices and data protection policies.
- Data mapping, other data protection-related analysis exercises, data protection impact assessments and transfer impact assessments.
- Minor and major data breaches.
Experience
Software, SaaS and Online Platforms
- Advised a UK-based digital asset management system provider on the incorporation of AI-based facial recognition technology into its products.
- Updated the standard customer contract documentation of a market-leading provider of parcel management and labelling services, transforming a single unwieldy contract into a consistent and modular set of online documents, with a view to increasing efficiency in contracting processes, with respect to SME customers, key accounts and integration partners.
- Advised on a consulting services agreement between an expert in cryptocurrency trading strategies and a Swiss investment boutique.
- Created a new set of customer contracts for an award-winning provider of cyber security services. These contracts needed to be flexible enough to deal with constantly evolving system functionality and regular changes to the business model, whilst addressing the risks of cyber security liabilities being passed to the provider and also minimising contracting friction.
- Created a full suite of trading T&Cs for a VC-backed provider of data extraction, transformation and visualisation services, including subscription terms, PoC terms, an acceptable use policy, an SLA, a data processing addendum, a reseller agreement, a referral partners agreement and a professional services agreement.
- Assisted a leading facilities management SaaS provider with its responses an NHS tender and helped to bring the subsequent contract negotiations to a successful conclusion.
- Drafted and negotiated a reseller agreement between the client, the provider of an add-on to a market-leading support services infrastructure platform, and the platform provider itself.
- Advised a client providing innovative data routing and processing services on the production of contract documents for, and the minimisation of risk in relation to, the offering of its software via the Salesforce AppExchange and the ServiceNow Store.
- Drafted and negotiated a source code licence agreement on behalf of a developer of ecommerce software that was seeking to exit a long-standing customer relationship.
- Advised a Swiss government agency in relation to tenders for, and contracts with, suppliers of software and related services.
- Created T&Cs for a free-to-use API offered to the non-profit sector.
- Drafted a digitisation services agreement for a data capture business operating in the education sector.
- Advised and negotiated a high-value introduction and commission agreement for a managed services provider.
- Drafted podcast production and co-production agreements.
- Rewrote a software development services agreement for a small development agency.
- Negotiated, on behalf of technology vendors, dozens of SaaS and software services contracts with customer legal teams, both in house and external.
Websites, Ecommerce and Apps
- Advised on the incorporation of ChatGPT AI assistant into the services provided by a mobile app.
- Prepared standard terms of service and related documents, including template website documents to be used by end customers, for an international website-as-a-service provider.
- Drafted and maintained standard legal documents for one of the UK’s leading battery supply websites, including terms of use, terms of sale, a delivery policy, a returns policy and a privacy policy.
- Advised on the application of the ecommerce laws, including the platform-to-business (P2B) regulation, to an established platform that brings together trade professionals and consumers.
- Created terms of service, a seller agreement and a privacy notice for a new UK-based services marketplace website.
- Created and maintained templates for a wide range of websites and apps, including video games, subscription services, PAYG services, marketplaces, news services, social networks, review sites and directories.
Data Protection, Privacy and Confidentiality
- Drafted and maintained a multi-level privacy notice and data processing agreement for an innovative VC-backed SaaS provider.
- Advised on and updating a global privacy notice used by a world-leading provider of software and services for barcode management.
- Prepared a framework intra-group data sharing and data processing agreement for a technology services provider that needed to share data freely between its UK and US operations.
- Advised the provider of an expert system-based legal advice service on the classification, under the GDPR, of complex data processing operations involving a range of actors, and preparing explanatory materials for the client’s customers, along with relevant contract clauses.
- Advised on a tech subsidiary of one of the UK’s best-known brands on the application of the GDPR to its data sharing ecosystem.
- Advised a platform provider on a serious data breach involving information that was highly confidential to one of the world’s largest and wealthiest companies.
- Provided training to a UK barristers’ chambers on the application of the GDPR to their operations and drafting appropriate policy documentation.
- Created and maintained a set of data protection-related templates, including privacy policies, data processing agreements, data sharing agreements, data protection policies, data retention policies and data breach response policies.
Please note: The experience list above may include examples of work completed prior to joining Keystone Law.
Career
Alasdair qualified as a solicitor in 2004. Prior to joining Keystone Law, he worked at the following firms:
- Mayer Brown
- Manches
- ClaydenLaw